The present invention generally relates to methods and apparatus for capturing of biometric data. More particularly, the present invention relates to capturing of biometric data using methods and apparatus that are less intrusive or more transparent to the user and can occur with reduced user initiation or knowledge.
For many centuries, the question "Hark, who goes there?" challenged those who approached the castle gates. Was the person a friend or a foe or a subject or a spy? Did they know the secret password or did their messages carry the Emperor's seal? In modern times, the need for security and authentication of transactions is still of great concern and has spawned multi-billion dollar industries. For example, automatic teller machine (ATM) transactions, credit-card charges, "smart cards" usage, home and industrial security systems monitoring, computer data and applications protection, and the like all require high levels of security.
With the wide-spread use of computers and the Internet, the security of data stored within computers is of increasing concern. Many methods have been devised to restrict the access of computer data or applications to authorized users, such as installing computer firewalls, implementing complex password schemes, using call-back numbers, providing challenge and response hardware, and the like. As illustrated regularly in the popular press, for each such protection mechanism, hackers have found many ways to circumvent it.
A further concern with the wide-spread use of computers and the Internet is the authentication of electronic communications or files. As an example, application files and patches are often available from multiple places on the Internet. Thus, in order to verify that the source of the file is the manufacturer of the software, as opposed to a Trojan horse, or other destructive virus, files are now often encrypted with special keys that uniquely identify the manufacturer of the file. Such schemes have not been widely implemented or uniformly used.
In order to provide a higher level of protection than described above, one technique has been to combine the password-type schemes with biometric user-identifying capturing devices. Biometric capture is a term that generally refers to the sensing and conveyance of physical attributes of a user including fingerprints, palm prints, voice prints, retinal patterns, facial orientations, body temperature, and the like.
One drawback to present biometric capturing devices is that present devices are not transparent to the user and are inefficient, i.e. they require the user to stop and perform a physical act specifically for the biometric device. Such artificial acts include facing a camera, placing a forehead against a pad so that a retinal image can be captured, placing a hand on a peg board or a finger on a particular surface for a certain amount of time, speaking keywords or phrases, and the like.
Another drawback of present biometric capture devices is that they are typically stand-alone devices having virtually no function other than capturing the biometric data. Because such devices are stand-alone, they are typically only used as gate keeper devices. As a result, when the biometric security device has been satisfied, fulfilled, or bypassed, there is open access to the secure data, the secure area, and the like. For example, once a user has been authorized to enter a security door, the door may be left open for unauthorized users to enter; similarly, when a screen saver password has been entered correctly, the files on the computer may be accessed.
Thus, what is needed are methods and apparatus for capturing of biometric data that are less intrusive or more transparent to the user and provide a higher level of security. Further, what is needed are methods and apparatus for more continuous monitoring of biometric data of users of restricted or secure areas for verification purposes.
According to the present invention, a technique including methods and devices for simultaneously receiving user input on a computer peripheral and biometric data from the user on the same device is disclosed. The biometric data is typically used to determine the identity of the user.
An advantage of such a device is that a computer to which it is attached runs a program that analyses the signals provided by the device to determine the identity of the user operating it and in response, the program may restrict the use of the computer or restrict the access to information on a network, and the like. Alternatively, based upon the user identity, the program may interpret the signals in a way specific to the specific user, for example directory access, environmental preferences, e-mail access, and the like.
Another advantage of this input device is that the determination of the identity of the user of the device is non-intrusive since the user has to interact physically with the input device for normal operation of the device, for example, a keyboard, a mouse, a camera, or a microphone. The input device's function requires little unusual action and lessens user interruption.
Another advantage of the device is that the identity of the operator can be scanned throughout the computing session without interrupting the actions of the operator. This prevents digital simulation of, for example, hand measurement aspects in a one-time "start-of-session" security check since the computer can check the operator identity at random intervals throughout the session. Further, the computer can diagnose the authenticity of the biometric measurement device by verifying that the same device is also controlling the cursor movement. Still further, if the operator leaves the computer unattended, the device can determine if a different person begins to use the computer when they interact with the biometric capture peripheral device.
In one embodiment, the device scans attributes of a user's hand while the user moves a pointing device. The device communicates with a computer over a standard mouse port, keyboard port, or other methods such as the universal serial bus (USB), used in personal computer systems. Such ports are used to communicate the motion of the pointing device to the computer. With this invention, these same data channels can contain information about the physical aspects of the hand of the user operating it. This information includes, but is not limited to fingerprints, thumbprints, palm prints, hand geometry, temperature, pulse, chemical composition, geometric composition, grip strength of the operator's hand, and the like. This biometric information can be used alone or in combination with other factors to more transparently determine the identity of the user.
As is commonly done with pointing devices, the "mouse" port, keyboard port, or USB can supply power to the intrusive biometric identifying peripheral device. The computer system boot program can be configured to prevent the use of a pointing device, or other device, if the user's hand is not scanned, regardless of the identity of the user. This determination could be part of the normal start-up diagnostics of the computer pointing device driver. As an enhancement, the boot program can be configured to disallow "non-scanning" pointing devices from being used with the computer. Additionally, other functions of the computer such as the video display, disk storage subsystems, keyboard drivers, and the like could also be disallowed.
The biometric data derived from the user's hand is transmitted into the computer, and the biometric data is analyzed. The computer compares the biometric data to an on-line reference database of known biometric data to determine the identity of the user. Based upon the identity, a user specific configuration of the computer can be performed, such as unlocking certain files, allowing access to certain areas, and the like. When an unrecognized user is detected, components of the computer such as the video display, disk storage subsystems, network interface, keyboard, and the like could also be disabled.
The computer can record the biometric aspects of the unauthorized operator's hand for later identification of that user for evidentiary purposes. The device can also be used to record and prove legitimate use of computing or other devices at specific times, such as employee time cards, financial transactions, remote voting, sender/receiver verification in electronic communication, client billing, and the like.
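The host-side checks described above (comparison against a reference database, re-checking the operator at random points in the session, and treating pointer motion that arrives without a scan as suspect) can be sketched as follows. This is an added example, not code from the patent; the feature vectors, the Euclidean-distance match, the threshold and all names are assumptions.

```python
import math
import random

# Constructed enrolment database: user -> hand-geometry feature vector
# (finger lengths and palm width in millimetres; all values invented).
ENROLLED = {"alice": (72.0, 81.5, 75.0, 88.0), "bob": (78.5, 90.0, 83.0, 96.5)}
THRESHOLD_MM = 3.0  # assumed acceptance distance, not taken from the patent


def identify(features):
    """Return the closest enrolled user, or None if nobody is near enough."""
    distances = ((user, math.dist(features, ref)) for user, ref in ENROLLED.items())
    user, dist = min(distances, key=lambda pair: pair[1])
    return user if dist <= THRESHOLD_MM else None


def monitor(session_user, reports, check_rate=0.5, rng=None):
    """Re-check the operator at random points in a stream of device reports.

    Each report is (pointer_event, features); features is None when the
    device sent motion without an accompanying scan. Returns (index, reason)
    for the report at which the session should be locked, or (None, "ok").
    """
    rng = rng or random.Random()
    for i, (_event, features) in enumerate(reports):
        if features is None:
            # Motion with no scan: a non-scanning device or a bypassed sensor.
            return i, "motion without biometric data"
        if rng.random() >= check_rate:
            continue  # this report was not selected for a check
        who = identify(features)
        if who != session_user:
            return i, f"operator changed: {who or 'unrecognized'}"
    return None, "ok"
```

A lower `check_rate` lengthens the window in which a different operator can go unnoticed, which is the trade-off behind checking at random intervals instead of only once at the start of the session.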
Since the mechanism and electronics required to produce a functional pointing device have become small and reliable, the hand scanning mechanism and electronics could fit into an input device that would still look and feel identical to current "ordinary" input devices. This allows the users to feel comfortable with using the input device since it is already familiar to them.
According to one embodiment of the present invention, a computer peripheral device for providing a computer system with user input data and user biometric data, includes a peripheral activity event sensing portion for detecting use of the device for user input actions and for converting the user input into a first data stream, the user action of a type appropriate for the computer peripheral device, and a biometric acquisition portion for acquiring biometric data from the user at substantially the same time the event sensing portion detects the user action, and for converting the biometric data into a second data stream. The peripheral device also includes a processor coupled to the event sensing portion and the biometric acquisition portion for reversibly encoding the first data stream and the second data stream to form a third data stream, and for providing the third data stream to the computer system.
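One possible reversible encoding of the first and second data streams into a third is a tagged, length-prefixed framing in which paired frames share a sequence number. This is an added example, not the encoding used by the patent, which does not specify one; the tag values, header layout and sample bytes are assumptions.

```python
import struct

EVENT, BIOMETRIC = 0x01, 0x02   # frame type tags (assumed values)
HEADER = struct.Struct(">BHH")  # type, 16-bit sequence number, payload length


def encode(samples):
    """Merge paired (event, biometric) byte strings into one stream.

    Both frames of a pair carry the same sequence number, recording that
    they were captured at substantially the same time.
    """
    out = bytearray()
    for seq, (event, bio) in enumerate(samples):
        for tag, payload in ((EVENT, event), (BIOMETRIC, bio)):
            if len(payload) > 0xFFFF:
                raise ValueError("payload too large for 16-bit length field")
            out += HEADER.pack(tag, seq, len(payload)) + payload
    return bytes(out)


def decode(stream):
    """Split the merged stream back into the two original streams."""
    events, bios = {}, {}
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < HEADER.size:
            raise ValueError("truncated frame header")
        tag, seq, length = HEADER.unpack_from(stream, pos)
        pos += HEADER.size
        payload = stream[pos:pos + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        pos += length
        if tag == EVENT:
            events[seq] = payload
        elif tag == BIOMETRIC:
            bios[seq] = payload
        else:
            raise ValueError(f"unknown frame type {tag:#x}")
    # Events with no biometric frame of the same sequence number are reported
    # so the host can treat them as unverified input.
    unpaired = sorted(set(events) - set(bios))
    return events, bios, unpaired


# Constructed sample: two mouse reports (buttons, dx, dy) with grip readings.
SAMPLES = [(b"\x00\x05\xfb", b"\x21\x40\x3c"), (b"\x01\x00\x02", b"\x22\x41\x3c")]
```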
According to another embodiment of the present invention, a method is disclosed for providing a computer system with user input data and user biometric data. The method includes the steps of providing a computer peripheral device, the computer peripheral device including an event sensor and a biometric sensor, detecting a user induced event with the event sensor, and detecting user biometric data at substantially the same time as the step of detecting the user input event. The steps of converting the user input event into a first set of electronic signals, and converting the user biometric data into a second set of electronic signals, are also disclosed. Transmitting the first set of electronic signals to the computer system, and transmitting the second set of electronic signals to the computer system are also performed.
Further understanding of the nature and advantages of the invention may be realized by reference to the remaining portions of the specification and drawings.